Home/ Questions/Q 9091173
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-16T22:32:49+00:00

I’m developing a heavy AJAX Symfony 2 app. Most of my actions begin this

  • 0

I’m developing a heavy AJAX Symfony 2 app. Most of my actions begin this way:

if($this->getRequest()->isXmlHttpRequest()) {
   // Do something
}

The action only must be executed in case it’s responding to an AJAX request. I thought it would be better for sake of simplicity and better indentation to do things this way:

if(false === $this->getRequest()->isXmlHttpRequest()) {
   // throw some exception
}

// Do something

My problem is I don’t know what’s the most appropiate Exception I could throw. I’d like to get some feedback on the subject. Maybe AccessDeniedException? Would any of Symfony predefined Exception fit? Or should I create a new Exception extending the base PHP Exception class? Any opinions will be really appreciated and sorry for my English.

Edit: What about this one?

https://github.com/symfony/HttpKernel/blob/master/Exception/BadRequestHttpException.php

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    You didn’t mention authentication, so I’m assuming it’s not an issue here. That being the case, I wouldn’t use AccessDeniedException, since it will produce a 401 Unauthorized error, which means that the user’s credentials were incorrect or missing. Here’s the definition for the 401 Unauthorized status:

    The request requires user authentication. The response MUST include a WWW-Authenticate header field (section 14.47) containing a challenge applicable to the requested resource. The client MAY repeat the request with a suitable Authorization header field (section 14.8). If the request already included Authorization credentials, then the 401 response indicates that authorization has been refused for those credentials. If the 401 response contains the same challenge as the prior response, and the user agent has already attempted authentication at least once, then the user SHOULD be presented the entity that was given in the response, since that entity might include relevant diagnostic information. HTTP access authentication is explained in “HTTP Authentication: Basic and Digest Access Authentication” [43].

    I also wouldn’t go with BadRequestHttpException. That will return a 400 response, which means that the server didn’t understand the request. I think in this case, the server understands the request, but is refusing to fulfill it. Here’s the full definition for a 400 response:

    The request could not be understood by the server due to malformed syntax. The client SHOULD NOT repeat the request without modifications.

    I think the HTTP status that closest matches your case here is 403 Forbidden:

    The server understood the request, but is refusing to fulfill it. Authorization will not help and the request SHOULD NOT be repeated. If the request method was not HEAD and the server wishes to make public why the request has not been fulfilled, it SHOULD describe the reason for the refusal in the entity. If the server does not wish to make this information available to the client, the status code 404 (Not Found) can be used instead.

    According to Symfony on github, it doesn’t look like Symfony has a ForbiddenException, or anything similar… Which I think is a little strange (maybe I’m missing something?).

    If that’s the case, you can write your own, implementing the HttpExceptionInterface (or simply by extending HttpException). That, or you can just create a generic one on the fly:

    throw new HttpException(403, "Forbidden");
    • 0